IN THE ABSTRACT

(Currently amended) 

Embodiments of the present invention are
directed toward nesting roles in a directory system. A nested role is a container 
of other roles. To nest, the DNs corresponding to the roles are added or 
encapsulated to form a nested role. A "nested" role can be configured to provide 
additional level of abstraction by nesting different role types - filtered, managed, 
enumerated or nested— whereby an entry can be a member of any one of the 
roles in the nesting. Nested roles allow a user to create roles that contain other 
roles. A nested role can be created with no members nested. Alternatively, a 
nested role may contain one or more members. The nesting or encapsulation is 
performed if (1) the target entry is within the scope of the role; and/or (2) target
entry is within the scope of the role that causes the target entry to possess the 
nested role. 

IN THE CLAIMS

Please amend the claims as shown below: 
Claims 1-23 (Cancelled) 

24. (New) A method for creating a nested role in a tree structured directory 
server comprising a plurality of entries comprising: 

Serial NO. 09/867,516 Art Unit: 2171 

Examiner: Le, Uyen 


SUN-P5832NP.US 

accessing a first role associated with one or more of said plurality of 
entries wherein said first role comprises a first identifiable attribute and a first
distinguished name;

accessing a second role associated with one or more of said plurality of 
entries wherein said second role comprises a second identifiable attribute and a 
second distinguished name; and 

creating said nested role by encapsulating said first distinguished name 
and said second distinguished name wherein said nested role comprises said 
first identifiable attribute and said second identifiable attribute and can be 
associated with one or more of said plurality of entries. 

25. (New) The method as recited in Claim 24 further comprising: 
encapsulating said first identifiable attribute and said second identifiable
attribute into a third distinguished name.

26. (New) The method as recited in Claim 25 wherein said third distinguished 
name is nsRoleDN. 

27. (New) The method as recited in Claim 24 wherein said first role is a 
dynamic role and wherein said first identifiable attribute is computed at the time 
of accessing said first role. 

28. (New) The method as recited in Claim 24 wherein said first role is an
enumerated role. 

29. (New) The method as recited in Claim 24 wherein said first role is a
filtered role.

30. (New) The method as recited in Claim 24 wherein said first role is a 
nested role.

31. (New) A system for creating a nested role in a tree structured directory
server comprising a plurality of entries comprising: 

a directory server comprising a hierarchical data store associating a 
plurality of entries with service attributes, said hierarchical data store comprising 
an organization level and a role level and further comprising attribute templates 
defined with respect to services and levels; 

an application for accessing a first role level associated with one or more 
of said plurality of entries wherein said first role level comprises a first service 
attribute and a first distinguished name; 

an application for accessing a second role level associated with one or 
more of said plurality of entries wherein said second role level comprises a 
second service attribute and a second distinguished name; and 

an application for creating said nested role level by encapsulating said first
distinguished name and said second distinguished name wherein said nested 
role level comprises said first service attribute and said second service attribute 
and can be associated with one or more of said plurality of entries. 

32. (New) The system as recited in Claim 31 wherein said first service 
attribute and said second service attribute are encapsulated into a third 
distinguished name. 

33. (New) The system as recited in Claim 32 wherein said third distinguished 
name is nsRoleDN. 

34. (New) The system as recited in Claim 31 wherein said first role level is a
dynamic role level and wherein said first service attribute is computed at the time 
of accessing said first role level. 

35. (New) The system as recited in Claim 31 wherein said first role level is an 
enumerated role level. 

36. (New) The system as recited in Claim 31 wherein said first role level is a 
filtered role level. 

37. (New) The system as recited in Claim 31 wherein said first role level is a
nested role level. 

38. A method for validating whether an entry of a tree structured hierarchical 
directory server comprising a plurality of entries meets criteria for a nested role 
comprising: 

accessing said nested role comprising a first distinguished name and a 
second distinguished name and further comprising a first identifiable attribute and 
a second identifiable attribute wherein each of said identifiable attributes can be 
associated with one or more of said plurality of entries; and 

in response to a query for an entry, computing a computed attribute 
associated with one or more of said plurality of entries and verifying if said 
computed attribute matches said first identifiable attribute or said second 
identifiable attribute. 

39. The method as recited in Claim 38 further comprising: 
encapsulating said first identifiable attribute and said second identifiable
attribute into a third distinguished name.

40. (New) The method as recited in Claim 39 wherein said third distinguished 
name is nsRoleDN. 
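
The following is an added illustration, not part of the filing and not code from any directory server product: a simplified in-memory model of the nested-role membership check described in the abstract and in Claim 38, where an entry holds a nested role if it is in scope and is a member of any one of the contained roles. The class and function names, the sample DNs, the reading of "scope" as the subtree below the role entry's parent, the choice to require scope on both the nested role and the contained role, and managed membership via the entry's own nsRoleDN values are all assumptions of this sketch; it also guards against cyclic nesting, which would otherwise make the check recurse without end.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

def norm(dn: str) -> str:  # simplified: ignores escaped commas
    return ",".join(part.strip().lower() for part in dn.split(","))

@dataclass
class Entry:
    dn: str
    attrs: Dict[str, List[str]] = field(default_factory=dict)

@dataclass
class Role:
    dn: str
    kind: str  # "managed", "filtered" or "nested"
    filter: Optional[Callable[[Entry], bool]] = None  # filtered roles only
    nested: List[str] = field(default_factory=list)   # nested roles: contained role DNs

def in_scope(entry_dn: str, role_dn: str) -> bool:
    # Assumption: a role's scope is the subtree below the role entry's parent.
    parent = norm(role_dn).partition(",")[2]
    return bool(parent) and norm(entry_dn).endswith("," + parent)

def has_role(entry: Entry, role_dn: str, roles: Dict[str, Role], seen=None) -> bool:
    seen = set() if seen is None else seen
    key = norm(role_dn)
    role = roles.get(key)
    if role is None or key in seen or not in_scope(entry.dn, role.dn):
        return False  # dangling DN, nesting cycle, or entry outside the role's scope
    seen.add(key)
    if role.kind == "managed":  # assumption: the entry lists the role in its nsRoleDN
        return key in {norm(d) for d in entry.attrs.get("nsRoleDN", [])}
    if role.kind == "filtered":
        return bool(role.filter and role.filter(entry))
    if role.kind == "nested":  # member of any one of the contained roles
        return any(has_role(entry, d, roles, seen) for d in role.nested)
    return False

def effective_roles(entry: Entry, roles: Dict[str, Role]) -> List[str]:
    return sorted(r.dn for r in roles.values() if has_role(entry, r.dn, roles))

# Constructed sample directory; every DN below is hypothetical.
BASE = "ou=people,dc=example,dc=com"
ROLES = {norm(r.dn): r for r in [
    Role("cn=admins," + BASE, "managed"),
    Role("cn=contractors," + BASE, "filtered",
         filter=lambda e: "contractor" in e.attrs.get("employeeType", [])),
    Role("cn=vpn," + BASE, "nested", nested=["cn=admins," + BASE, "cn=contractors," + BASE, "cn=loop," + BASE]),
    Role("cn=loop," + BASE, "nested", nested=["cn=vpn," + BASE]),  # deliberate cycle
]}
```

Calling `effective_roles(Entry("uid=alice," + BASE, {"nsRoleDN": ["cn=admins," + BASE]}), ROLES)` returns the managed role plus both nested roles, while an entry outside `ou=people` gets no roles even if it satisfies the filter.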